Using numerous IP addresses and servers from different places around the world, the Dark Web obscures or often hides the origin of online communication, making it more difficult for investigators to follow an information trail.

“The dark web is really just another internet that is not readily accessible in the public domain. It was initially created by US Naval Intelligence services to allow secure intelligence-oriented communication,” said A.T. Smith, Torres Advanced Enterprise Solutions senior advisor.

For instance, should intelligence officers operate in a high-risk host country, the dark web could afford occasion for more protected communication, he explained.

Smith, former Deputy Director of the US Secret Service, is familiar with the challenges associated with dark web activity and the cyber forensics training necessary to fight it; he says the threat is increasing almost exponentially across the globe.

Torres AES, the global security firm Smith supports, provides a variety of technical services to the Department of Defense, Department of State, friendly foreign governments, NGOs and other charitable organizations including cyber forensics to root out transnational criminal and terrorist activities. --- (For More on Torres AESCLICK HERE) ---

The Torres CEO says that their government customers achieve fully functional and active investigative cyber forensics units within a month.

“Our software products find bad actors and crimes within and outside of the dark web without being detected which is critical,” a Torres AES official familiar with the training said.

Known as a medium home to vast amounts of illicit activity, the dark web enables the exchange of counterfeit goods, money laundering, drug exchanges, terrorist activity and even human trafficking, Smith explained.

“Bad guys know that authorities are in the dark web looking for them, so they continuously set up fake businesses, fake web sites and use their own detection systems to look for investigative activities. Torres teaches governments the methods to get into the dark web and conduct investigations without being detected," the Torres official said.

For example, the fluid and more loosely-governed border area separating Argentina, Brazil and Paraguay continues to generate substantial concern about international criminal activity on the Dark Web -- and its relationship to terrorist financing.

"Our cyber forensics solutions continuously employ anti-detection methods, and if there is the potential of being identified, the systems close and shift to another virtual cyber system. These countries would not have pursued these cyber forensics courses because of the cost and time it takes to implement. We were able to do this at a fraction of the market cost," said Jerry Torres, Torres AES CEO.

​

Referred to as the Tri-border area, the region has been an attractive draw for Iranian-backed terrorist groups such as Hezbollah and criminal organizations interested in using the Dark Web to move illegal money, stage operations and help fund international terrorist activity. The FBI has estimated that Hamas alone sends over $500 million annually from the tri-border region to the Middle East to fund terrorist activities where their digital transactions go largely undetected, international security officials familiar with the issue said.

In response to this, Torres AES has been training the Paraguayan National Police, the Argentinian Federal Police and Brazilian Federal and Provincial police forces to use the latest cyber forensics systems to attack the growing threat.

In addition, the dark web can afford bad actors an opportunity to engage in identity theft, credit card fraud and the selling of sensitive intellectual property such as military specs for an emerging weapons system.

An essay from “Forensic Pathways” further details this phenomenon.

“Dark Web forums are often utilized as an arena in which hackers can expose and discuss vulnerabilities within an organization’s system that can be exploited. This information is then sold anonymously to buyers all across the world who cannot be easily traced by law enforcement,” forensic-pathways.com writes.

Naturally, counterterrorism officials, law enforcement investigators and some military cyber experts employ a range of techniques to identify and crack down on dangerous and illicit dark web activity.

Posing as an illegal actor on the dark web, investigators can at times have success tracking down criminal and terrorist networks – yet these tactics are not without significant obstacles.

“Once you are there, you might be able to see certain things, get in and make contact. However, someone would have to vouch for you, to ensure you were a legit criminal,” Smith explained.

At the same time, undercover investigators who may succeed in gaining access, learning information or even making transactions with bad actors to acquire evidence can often be hindered by the lack of bi-lateral mutual assistance extradition agreements.

If a malicious intruder is caught operating in one particular country, US investigators may only be able to advance a prosecution in the event that it was a friendly country with which the US had a collaborative agreement.

Artificial intelligence and machine learning are also increasingly being applied by investigators to track traffic patterns and IP addresses used by criminals, according to Darkwebnews.com. Although using computer automation and advanced algorithms to identify patterns of activity or identify specific, often-used online addresses can be useful, they often fall short of being able to actually ID a suspect. It can, according to the Darkwebnews.com article, offer investigators a starting point from which to launch an investigation or pinpoint an area of investigative relevance.

Other useful investigative techniques involve the use of Data Collection Modules able to find and store new URLs from multiple sources, according to “Cybercrime in the Deep Web,” an essay from Black Hat EU, Amsterdam, 2015.

The Black Hat essay also cites a technique known as the use of “Page Scouting” modules which explore new URLs as they are collected and used for illegal transactions. “Data Enrichment” and “Storage and Indexing” modules can also scout, integrate and collect information for analysis, the essay specifies.